Cloud Security vs Cloud Access Security
Cloud security also known as cloud computing security belongs to sub categories of computer security or network security within the broader category of information security. Cloud security deals with the set of policies, controls or security measures built for the purpose of securing data, applications and infrastructure specifically in clouds. On the other hand, Cloud Access Security can be identified as a sub topic within Cloud security, which deals with keeping track of where data is located and who is accessing it over the cloud. Most of the times, it deals with providing an Identity Management system for the cloud users.
Cloud security is an evolving sub field of computer or network security, which deals with providing means of security for the content of cloud through various policies, controls and infrastructure. However, cloud security has no relationship with cloud based security measures and applications like cloud-based anti-virus or vulnerability management software offered through security-as-a-service. Cloud security is broken down in to the issues and concerns faced by the provider and the issues and concerns faced by customer of the cloud. Cloud providers are responsible for delivering software, platform or infrastructure as a service to the cloud customers. Cloud providers must make sure that the applications and data of the clients are secured, while it is the customer’s responsibility to make sure that the service provider has taken correct measures to secure the information. Cloud security issues have been divided in to three main categories, namely, Security and Privacy, Compliance and Legal issues. To maintain data security and its privacy, several measures like data protection mechanisms, Identity Management Systems, physical and personal security mechanisms, high availability guarantee mechanisms, application level security measures and data masking mechanisms are been used. To maintain compliance, the service providers must comply with many regulations on storing data such as PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act) and Sarbanes-Oxley Act, which require regular audits and reporting trails. And when it comes to legal and contractual issues, there should be agreements between the providers and the customers on liability, intellectual property and end-of-service conditions.
Cloud Access Security
Cloud access security can be indentified as a sub-area of cloud security which deals specifically with how data is allowed to be accessed and by whom. Access security is a very important issue in private clouds and more so in public clouds where many service providers might be providing services together. Identity Management Systems are a must in any cloud. These systems could be either the customer’s Identity Management Systems integrated to the cloud (using federation or Single sign-on) or systems provided by the service providers themselves. If Single sign-on technology is used between different SaaS (Software-as-a-Service) providers, then the user can use the same set of credentials for logging in to all systems. Federation technology provides the mechanisms to coordinate user identities across different systems. In order to negate the major risk of service provider’s administrators abusing the access rights, customers can install event log monitoring tools. These tools can alert the customer when it notices anomalies in the logging in times/patterns/trends of provider’s administrators.
What is the difference between Cloud Security and Cloud Access Security?
Cloud security is the sub-field in computer security, which deals with protecting cloud content by using various policies, controls and infrastructures. Cloud security is broken down in to various dimensions and cloud access security is one of its very important dimensions. Cloud access security deals with providing protection to cloud content by means of building secure access mechanisms to regulate who accesses the cloud and how. Maintaining cloud access security is very important for maintaining the cloud security as it eliminates the possibility of unauthorized/unauthenticated users accessing data in the cloud and jeopardizing the security and privacy of data stored in the cloud.